At Fri, 21 Oct 2005 23:01:55 -0700,
Naotoshi Seo wrote:
> I got another trouble. I succeeded to show edit.html, but I could not
> edit actaully.
> edit.html is an editview page. So, the html has post tag like
> <post action="http://.../messageboardobject/edit.html">
> Therefore, same traverser trys to receive this posted action, and trys
> to check password again (actually, and id) to find message object.
> Therefore, I have to pass password and id which was posted before at
> password.html using hidden field or some ways. Or, I have to specify
> different page for <post action=""> . I have no idea how editview's
> post action is working, so I am not sure specifying different page for
> post action works, though.
I think that would be a different issue, you should separate a plan
from "prohibit visitors from to access edit.html".
ZCML's editform is not flexible, so it is hard to add one more field in
auto-generated form. If you want to do, you may need zope.formlib package.
But I have another idea. We can use session for making stateful application.
then user doesn't need to post his password again.
And this is a little trick make a container to show its content's editform.
from zope.app.session.interfaces import ISession
PACKAGE_NAME = 'your application name'
def __init__(self, context, request):
session = ISession(request)[PACKAGE_NAME]
password = request.get('password')
if password is None:
password = session.get('password')
message = getMessage(context, password) # please implement this:)
session['password'] = password
self.context = message # trick1
self.request = request
schema="IMessage" <------ trick2
Zope3-users mailing list